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[57] ABSTRACT 

In an electronic assembly, a first integrated circuit device 
(chip) is provided with a lock circuitry that controls opera- 
tional enablement of a functional block of the chip. To 
unlock the lock circuitry, a "chip-key* 1 must be supplied to 
the chip. The chip is also provided with chip-key output 
circuit for outputting a chip key associated with one or more 
other chips of the electronic assembly; the chip-key output 
circuit may be part of the functional block controlled by the 
lock circuitry of the same chip. 

9 Claims, 4 Drawing Sheets 
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ELETRONIC ASSEMBLY WITH (With "such an arrangement, an intruder having internal 

INTEGRATED CIRCUIT DEVICES ^physical access to an item of equipment cannot access the 

INCLUDING LOCK CIRCUITRY [resources incorporating the controlled devices whilst an 

_____ authorised user need only input a single password to unlock 

FIELD OF THE INVENTION 5 the functionality of all resources he/she is authorised to use. 

The present invention relates to an electronic assembly ^ e principle of having one device enable another can 

with integrated circuit devices that include lock circuitry. ^ used to ensure that only certain specific devices or 

device types are used together. Thus if a device receiving a 

BACKGROUND OF THE INVENTION chip key from another is not the intended mate to the device 

„ . . . . _ , , 10 outputting the chip key. then it can be arranged that the chip 

Various techniques are known for ensuring that only key is ineffective to enable the receiving device 

authorised persons can gain operational access to a com- m Mdl an application, it is not in fact necessary for the 

puter. For example, a computer may offer password protec- device output the chip key to await for its own functionality 

□on whereby upon power on of the computer or following t0 te enabled Mote it ^ ^ key t0 ^ ne / t 

activation of password protection (for example, when a user 15 device. 

temporarily goes away from the computer), a predetermined _ ,. , .... 

password must be entered before wc^ationaJ capabalities 8 °™ ***** PrCSCDt inycnXlon mcrc 15 

of the computer are restored. Such a system may operate, for pswiteu 

example, by deactivating the keyboard controller until the BRIEF DESCRIPTION OF THE DRAWINGS 

correct password is input 20 

It is also known to adjust the computer resources available Electronic assemblies embodying the invention, will now 

to a user according to the user's authorisation level; this is te b y wav of aon-lirniting example, with refer- 

generally achieved by having the user identify himseltf ence to me accornpanymg diagrammatic drawmgs.mwWch^ 

herself to the computer with this identify being authenticated FIG. 1 is a block diagram of an integrated circuit device 

by subsequent input of a user- specific password 25 showing a lock circuitry for controlling enablement of a 

In fact, both the foregoing arrangements provide only functional block of the device; 

very limited protection for the computer resources in the FIG. 2 is a diagram illustrating various arrangements for 

situation where a person intending to gain unauthorised enabling different functional blocks provided in the same 

access (herein referred to as an intruder) has physical access integrated circuit device; 

to the inside of the computer. For example, in the case of 30 FIG. 3(a) is a diagram of a first embodiment of an 

password protection inhibiting the keyboard controller, it is integrated circuit device for use in the present invention; 

really only the keyboard that is disabled and an intruder with FIG. 3(i>) is a diagram of a second embodiment of an 

internal physical access to the computer can readily bypass integrated circuit device for use in the present invention; 

the keyboard and use the other computer resources. The , . f ... . ... , f 

„„ / . . , , . ^ .35 FIG. 3(c) is a diagram of a third embodiment of an 

same is true where access to certain resources is password • , . . . . . c • ^ * . ' . 

# . , „ . . ^. . - . , : A _ \. integrated circuit device for use in the present invention; 

protected as such protection is software implemented by the r 

computer's main processor and an intruder with internal nG * ^ 1S a of a fourth embodiment of an 

physical access can. for example, readily access a suppos- l» te gn*ed circuit device for use in the present invention; 

edly protected hard disc drive. FIG. 4(a) is a diagram of a first electronic assembly with 

One approach to dealing with mis problem has been to 40 arran S cmcnt of integrated circuit devices of the FIG. 3(a) 

reduce the possibility of an intruder gaining internal physical fotm mat scrves t0 operation of functional blocks of 

access to the computer. For example, it is common to ^ devices if any device is missing; 

provide physical locks on computer cases. More sophist!- FIG. 4(b) is a diagram of a second electronic assembly 

cated approaches are also known, though generally in the with a one-to-many arrangement of integrated circuit 

context of protecting highly sensitive data; thus, it is known 43 devices with the "one" device being of the FIG. 3(b) form; 

to provide tamper-proof enclosures for encryption/ FIG. 4(c) is a diagram of a third electronic assembly with 

decryption modules storing encryption/decryption keys, any a chain arrangement of integrated circuit devices with the 

attempt to open the module resulting in destruction of the device at the head of the chain being of the FIG. 3(b) form; 

keys. This tatter approach to providing a defense against ^ and 

internal physical tampering, whilst effective, is generally FIG. 4(d) is a diagram of a fourth electronic assembly in 

very expensive and is not suitable for general application. which m 1^^^ 4^ device of the FIG. 3(d) form 

It is an object of the present invention to provide a general controls two futher integrated circuit devices, 
approach to protecting resources in electronic equipment 

that may be physically accessible to unauthorised users, but 35 BEST MODE OF CARRYING OUT THE 

which does not require the use of a special tamper-proof INVENTION 

enclosure. Before describing an embodiment of an integrated circuit 

SUMMARY OF THE INVENTION device provided with chip-key output means for use in the 

present invention, an integrated circuit device will be 

In general terms, the present invention envisages control- 60 described with reference to FIGS. 1 and 2. that has a 

ling the use of the functionality provided by a plurality of functional block controlled by lock circuitry. The integrated 

integrated circuit devices (for example, associated with circuit device of FIGS. 1 and 2 forms the subject mater of 

different resources) by requiring each of the devices to be our co-pending European Application filed the same date 

provided with a corresponding password ("chip key") and and entitled "Integrated Circuit Device with Function Usage 

arranging for this to be done by having a first one of the 65 Control" 

devices, once itself enabled by its chip key, initiate the The integrated circuit device 10 (hereinafter "chip**) 

passing of the appropriate chip keys to the other devices. shown in diagrammatic form in FIG. 1 comprises lock 
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circuitry 11 controlling operational enablement of a func- IV2 value, until the chip is de-energised (or some other 

tional block 12 (FIG. 1 is not intended to accurately repre- condition is achieved). 

sent the relative chip areas occupied by the circuitry 11 and The chip-key signature stored in register 25 may be set in 

functional block 12). Functional block 12 may, for example. permanently at the time of manufacture or. as in the present 

be a data compression engine for compressing/ 5 example, written in subsequently (the register in this case 

^compressing externally supplied data* or part of a disk- being for example. Flash or EEPROM memory). To control 

drive controller. this latter process, the chip 10 is provided with a write 

The functional block 12 is connected to external data, control circuit 28 interposed between the data lines 14 and 

address and control lines 13, 14, 15jhxough external chip the register 25. In order to write to the register 25, the 

contacts ( not explicitly shown), The block 12 operates in 10 required chip-key signature value is placed on the data lines 

standard manner with the exception that for its operation it - ; 14 and a write-enable signal is passed on line 29 to the write 

needs to be supplied with a signal on line 16 coming from control circuit 28. Additionally, the write control circuit 28 

trie lock circuitry 11. In the present example, the required is arranged only to enable writing to the register 25 either if 

signal on line 16 is an external clock signal delivered over its contents are all zeroes (indicating that no chip-key 

control line 17 to a gating circuit 18 of the lock circuitry 11, 15 signature has yet been written in) or if the lock circuitry is 

When the gating circuit is fed with an enable signal on line currently in its unlocked state (as indicated, for example, by 

19, the external clock signal is passed to the block 12 the presence of a signal on line 30 from the comparison 

enabling its operation; in the absence of an enable signal on block 27). 

line 19, the block 12 is internally non-operational. Once the required chip-key signature has been written to 

To unlock the lock circuitry 11 to enable block 12. a 20 the register 25. further writing to the register could be 

predetermined password (chip-key) must be supplied to the prevented by providing a fusible link in the write control 

lock circuitry 11 from externally of the chip 10. Two circuitry 28, the link being blown upon application of an 

particular measures are taken to ensure the confidentiality of appropriate external signal on line 31. 

this chip-key. First, the chip-key is passed to the chip 10 in Typically, the chip key in clear form may have a length of 

encrypted form, the encrypted chip-key being decrypted in 25 IK bits. 

the lock circuitry 11. To this end, the lock circuitry com- Although in. FIG. 1" the chip 10 is shown with only one 

prises a secure communication block 20 that communicates fractional block 12 controlled by the lock circuitry 11, a 

with the outside world over serial input and output lines 21, Dumber of such blocks may be provided typically each with 

22. The block 20 implements, for example, the well-known ^different functionality. Such an arrangement is shown in 

Diffie-Hcllrnan Key Exchange algorithm (see. for example, fig. 2 for five functional blocks 12A to 12E. In this case a 

"Network and Internetwork Security-, p342, William respective gating circuit 18as associated with each func- 

Stallings. Prentice Hall International, 1995); by operating tional biock and the register 25 is replaced by a register 

this public key algorithm with one-time cryptographic keys, biock 35 storing signatures for a plurality of different 

a chip-key can be passed to the chip 20 in a confidential chip-keys associated with particular ones of the functional 

manner that is proof against a replay attack. blocks. In FIG. 2, these signatures are designated H(K1) to 

When the secure communications block 20 is fed with an H(K6), corresponding to the hash of chip-keys Kl to K6 

encrypted chip-key, it decrypts the chip-key and temporarily respectively. When presented with an intermediate value 

outputs the chip-key as first intermediate value IV 1. IV2, the comparison block 27 now searches for a match 

The second measure taken to ensure the confidentiality of 40 amongst the signatures H(K1) to H(K6) stored in register 
the chip-key, is that a copy of the chip-key is not stored as y block 35 and upon finding a match takes appropriate action 

suctLin chip 10 for comparison against the input chip-key. respect of the associated functional block. 

Instead - a signature of the correct chip-key for the chip In the FIG. 2 example, for functional blocks 12A, 12B, 

concerned is stored in register 25 of the lock circuitry, this 12C a single respective signature H(K1). H(K2), H(K3) is 

signature being a value formed by subjecting the clear form 45 stored in register block 35 and upon signal TV2 taking on a 

of thechlp-key to a one-way function. This one-way func- corresponding value, the comparison block 27 outputs an 

rion is,, for example, a one-way hash function such as enable signal to the appropriate functional block. The func- 

effected the Secure Hash Algorithm SHA (see page 276 of tionality of the blocks 12A, 12B and 12C can thus be 

the aforesaid reference "Network and Internetwork selectively enabled according to the input chip-key and this 

Security"). Were an intruder able gain access to register 25 50 permits different functionality to be made available to dif- 

in a manner permitting its contents to be read, this would not ferent users. 

compromise the chip-key as it would not be computationally The enablement of block 12D is more involved than for 

feasible to determine the latter from its signature held in blocks 12A,B,C. In this case, not only must signal IV2 take 

register 25. on the correct value corresponding to the stored signature 

In order to ascertain whether an input chip-key is the 55 H(K4) for block 12D, but block 12C must also have first 

correct one to unlock the particular chip 10 concerned, the been enabled. This is achieved by having the gating circuit 

lock circuitry further comprises a one-way function block 26 18 associated with the block 12D only enable the latter upon 

that subjects the chip-key output as IV1 from biock 20 to the receipt of enable signals both from the comparison block 27 

one-way function (in this case, the SHA) used to form the and from the block 12C, the latter only supplying such a 

chip-key signature held in register 25. The resultant inter- 60 signal when itself enabled. This general arrangement per- 

mediate value IV2 output by block 26 is then compared in raits a hierarchical access scheme to be implemented by 

comparison block 27 with the signature stored in register 25; which each level has a corresponding chip-key and users can 

if a match is found, the comparison block 27 outputs an only enable functional blocks up to a level in the hierarchy 

enable signal on tine 19 to cause operational enablement of for which they have the correct chip-keys, 

the functional block 12. The comparison block latches the 65 Enablement of functional block 12E requires the input of 

enable signal in the sense that once this signal is generated, two encrypted chip-keys K5, K6 (possibly in direct 

it remains present notwithstanding removal of the correct succession), the register block 35 storing the corresponding 
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signatures H(K5), H(K6) of both chip-keys. In this case, the FIG. 4 shows four possible arrangments of the FIG. 3 

comparison block 27 when identifying a match for a first one chips in an electronic assembly, these arrangments being 

of the chip-keys, must remember this fact and await detec- merely illustrative of the wide range of possible arrangc- 

tion of a match for the second one of the chip-keys before ments. 

outputting an enable signal to the gating circuit 18 associ- 5 In the FIG. 4(a) arrangement, three chips 10 of the FIG. 

ated with functional block 12E. 3(a) form each have their lock circuitry arranged to receive 

It will be appreciated that the different approaches chip keys output by the circuits of the other two chips, 

described above for enabling blocks 12A-C, block 12D, and ^ c lock circuitry 11 of each chip is such that it requires the 

block 12E can be used in any desired combination as chip Jc ^ s ? om me other chi P s before it enables the associ- 
required. It will also be appreciated that the chip 10 can be io ated functional block 12. With such an arrangment the 

provided with one or more functional blocks that are not ab " nc f ™y one chip prevents the functional blocks of the 

controlled by the lock circuitry 11. such blocks being chips from being ™aWed\ The chip keys can be chosen 

unconditionally available for use. to spcafic t0 partlcular ***** 01 Particular chip types. 

FIG^ isSSSb^ 

£X, * P T * C Tf l f U<iing lOCk DOt mem ^« ^ provided vrtth a chip-key output circuit 

arcuitry. such as die previously described lock circuitry 11, (though, of course, such functionality could be present). This 

and a functional block 12 controlled by the lock circuitry. arrangement provides a one-to-many enablement arrange- 

For clarity, in FIG. 3 (and also in FIG. 4) only the input ment 

connection to the lock circuitry 11 of each chip 10 has been In the FIG. 4(c) arrangement a first chip of the FIG. 3(b) 
shown, this connection being represented by a single line ™ form is arranged to output a chip key to enable the functional 

(generally, it will be two lines as shown in FIG. 1 as two-way block of a second chip also of the FIG. 3(b) form; this latter 

communication is required for the secure communication chip is in turn arranged to output a chip key for enabling the 

process operated by the FIG. 1 lock circuitry). Again, for functional block of another chip. This arrangement provides 

clarity . each chip is shown as having only one main func- a chain of enablement that can be extended as required. 

2 * T£? UCd ^ 11 (th ° Ugh M ™ c *') *™ <* chip «»ld be used in place of the 

^^i^^^k 2* T y 10 CattUI ™- W fom of chj P iD °<>th the FIG. 4(b) and FIG. 4(c) 

cases also be controlled by the lock circuitry). arrangements. In the FIG. 4(d) arrangement a chip ofthe 

Each embodiment shown in FIG. 3 includes a chip-key FIG. 3(d) form is used to independently enable two further 

output ciruit 40 which when enabled is operative to output chips in dependence on the receipt of the appropriate chip 
a chip key associated with another chip. This output may be 30 key by the lock circuitry of the FIG. 3(d) chip, 

in encrypted form using a secure communications arrange- It will be appreciated that in the foregoing FIG. 4 

ment (such as employed in the FIG. 1 lock circuitry) or may arrangments. where different chip keys are to be passed to 

use a lower level of security, depending on application. different chips, this can be done over the same communi- 

FIG. 3(a) shows a first form of chip 10 for use in the 33 cation lines since passing a chip key to a chip for which it 

present invention, in which the chip-key output circuit 40 is is not intended simply means that the chip will fail to 

independent of the lock circuitry 11. being enabled imme- respond. Of course, appropriate measures would be needed 

diately upon energisation of the device and triggered to for sharing a common communication link, 

output its chip key by an external signal such as a reset In all of the FIG. 4 arrangemeDts. the master or head chip 

Slg ^' » 40 ( me leftmost chip) may be supplied with a chip key over a 

FIG. 3(b) shows a second form of chip 10 for use in the communications link or from a local input device such as a 

present invention in which the chip-key output circuit 40 smart card reader. 

forms pan (or possibly all) of the functional block 12 It will be appreciated that various modifications may be 

controlled by the lock circuitry 12. In this embodiment, upon ma de to the described embodiments of the present invention, 

the functional block 12 becoming enabled, the chip-key 4J For example, the lock circuitry may differ from that 

output circuit 40 outputs its chip key. described with respect to FIG. 1 depending on the level of 

FIQ 3(c) shows a third form of chip 10 for use in the security required; in some applications, for example, it may 

present invention in which the chip-key output circuit 40 be acceptable simply to store the password in clear in the 

forms a functional block controlled by the lock circuitry 12 chip and even to omit the secure communications means. In 

separately from the main functional block of the chip; in this 50 fact for the arrangements shown in FIGS. 4(b) to 4(d). a 

case, the block 12 and circuit 40 may become enabled by the preferred option is to provide the head chip (the leftmost 

receipt of different chip keys by the lock circuitry. Upon the chip) with lock circuitry of the FIG. 1 form whilst using less 

chip-key output circuit 40 becoming enabled, it outputs its secure arrangements for the other chips. For the FIG. 4(a) 

cm P kcv - arrangement, lock circuitry of a lower level of security than 

FIG. 3(d) shows a fourth form of chip 10 for use in the 55 offered by the Figure lock circuitry will generally be appro- 
present invention in which two chip-key output circuits 40 priate. The chip-key output means 40 has its security level 
are provided, each controlled as a functional block by the matched to that ofthe lock circuitry with which it interfaces, 
lock circuitry 12 such as to become enabled by the receipt I claim: 

of different chip keys by the lock circuitry. Upon either 1. An electronic assembly positioned within a computer 

chip-key output circuit 40 becoming enabled, it outputs its eo case * said electronic assembly including a plurality of inte- 

chip key (the chip keys output by each circuit 40 will grated circuit devices, a first one of said devices comprising: 

genreally be different). afunctional blockfor providing the device with a required 

It will be appreciated that variants of the FIG. 3 chip functionality, 

forms are possible; for example, in FIG. 3(d) chip, more than lock circuitry for inhibiting operation of said functional 

two chip-key output circuits could be provided and each 65 block until the provision to the lock circuitry, from 

may form part of a block 12 possessing additional function- externally of the device, of at least one predetermined 

^ chip key, and 
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chip key output means for outputting a chip key associ- 
ated with another said device; 
and a second one of said devices being connected to receive 
the said chip key output by the said chip-key output means 
of said devices, said second one of said devices comprising: 
a functional block for providing said second one of said 

devices with a required functionality, and 
Lock circuitry for inhibiting operation of said functional 
block of said second one of said devices until the 
provision to the lock circuitry of said chip key from 
said first one of said devices. 

2. An electronic assembly according to claim 1. wherein 
for said first one of said devices, said chip-key output means 
is independent of said lock circuitry. 

3. An electronic assembly according to claim 1, wherein 
for said first one of said devices, said functional block 
controlled by the lock circuitry comprises said chip-key 
output means. 

4. An electronic assembly according to claim 3. wherein 
said first one of said devices comprising at least two said 
ru actional blocks each comprising a respective said chip-key 
output means for outputting respective chip keys when the 
functional block ceases to be inhibited by said lock circuitry, 
there being at least two said second ones of said devices to 
which are passed respective ones of said chip keys output by 
the said first one of said devices. 

5. An electronic assembly according to claim 2. including 
a plurality of said second ones of said devices each con- 
nected to receive the chip key output by said first one of the 
devices. 

6. An electronic assembly according to claim 3, wherein 
the said functional block of said second one of the devices 
includes chip-key output means for outputting a respective 
chip key when the functional block ceases to be inhibited by 
said lock circuitry, a third one of said devices being con- 
nected to receive the said chip key output by the said 
chip-key output means of said second one of said devices, 
and said third one of said devices comprising: 
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a functional block for providing that device with a 

required functionality, and 
lock circuitry for inhibiting operation of said functional 

block of the same device until the provision to the lock 
5 circuitry of said chip key from said second one of said 

devices. 

7. An electronic assembly according to claim 1, wherein 
the lock circuitry of said first device comprises: 

storage means for storing at least one reference value. 

to secure communication means for receiving an input from 
externally of the device and for subjecting that input to 
a decryption process to produce a first intermediate 
value, the nature of said decryption process being such 
that said first intermediate value corresponds to the 

is clear form of a said chip key when said input is that key 
in encrypted form, 
means for receiving said first intermediate value and for 
performing a one-way function on it to produce a 
second intermediate value. 

20 comparison means for detecting a match between said 
second intermediate value and a said at least one 
reference value, and for producing a corresponding 
enable signal when at least one said match has been 
detected, and 

25 inhibit means for inhibiting operation of the or each said 
functional block until the corresponding said enable 
signal is produced. 

8. A device according to claim 1. wherein the said 
chip-key output means of said first device is such that the 

30 said chip key output thereby is output in encrypted farm, the 
lock circuitry of the second device including means for 
decrypting the chip key on receipt 

9. An electronic assembly according to claim 3. including 
a plurality of said second ones of said devices, each con- 

35 nected to receive the chip key output by said one of the 
devices. 

***** 



02/26/2004, EAST Version: 1.4.1 



